Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow.
Details
Details
- Reviewers
btrahan - Maniphest Tasks
- T4398: Implement two-factor authentication
- Commits
- Restricted Diffusion Commit
rP23e654ec2bc8: Rate limit multi-factor actions
Tried to enter hisec with bad credentials 11 times in a row, got rate limited.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Branch
- hisec8
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 143 Build 143: [Placeholder Plan] Wait for 30 Seconds